Change log for unzip package in Debian
unzip (6.0-28) unstable; urgency=medium

  * Drop debian/source/lintian-overrides, obsolete since version 6.0-18.
  * Update URI for Info-ZIP license in copyright file.
  * Update standards version to 4.6.2.
  * Run wrap-and-sort.
  * Update Homepage.

 -- Santiago Vila <email address hidden>  Sun, 19 Feb 2023 19:02:00 +0100
Published in bullseye-release

unzip (6.0-26+deb11u1) bullseye-security; urgency=medium

  * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
    - Fix null pointer dereference on invalid UTF-8 input.
    - Fix wide string conversion in process.c. Closes: #1010355.

 -- Santiago Vila <email address hidden>  Sun, 07 Aug 2022 01:45:00 +0200

unzip (6.0-27) unstable; urgency=medium

  * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
    - Fix null pointer dereference on invalid UTF-8 input.
    - Fix wide string conversion in process.c. Closes: #1010355.

 -- Santiago Vila <email address hidden>  Tue, 02 Aug 2022 19:05:00 +0200
Published in buster-release

unzip (6.0-23+deb10u2) buster; urgency=medium

  * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996.
    - Fix bug in UZbunzip2() that incorrectly updated G.incnt.
    - Fix bug in UZinflate() that incorrectly updated G.incnt.

 -- Santiago Vila <email address hidden>  Sun, 10 Jan 2021 16:12:00 +0100

unzip (6.0-26) unstable; urgency=medium

  * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996.
    - Fix bug in UZbunzip2() that incorrectly updated G.incnt.
    - Fix bug in UZinflate() that incorrectly updated G.incnt.
  * Avoid weird zipgrep errors when no members are present. Thanks to Kevin Locke. Closes: #972233.
  * Update dependency on debhelper.

 -- Santiago Vila <email address hidden>  Sun, 10 Jan 2021 15:34:00 +0100
Published in stretch-release

unzip (6.0-21+deb9u2) stretch; urgency=medium

  * Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502.
  * Apply three patches by Mark Adler to fix CVE-2019-13232.
    - Fix bug in undefer_input() that misplaced the input state.
    - Detect and reject a zip bomb using overlapped entries. Bug discovered by David Fifield. Closes: #931433.
    - Do not raise a zip bomb alert for a misplaced central directory. Reported by Peter Green. Closes: #932404.

 -- Santiago Vila <email address hidden>  Mon, 05 Aug 2019 18:10:06 +0200
Superseded in buster-release

unzip (6.0-23+deb10u1) buster; urgency=medium

  * Apply three patches by Mark Adler to fix CVE-2019-13232.
    - Fix bug in undefer_input() that misplaced the input state.
    - Detect and reject a zip bomb using overlapped entries. Bug discovered by David Fifield. Closes: #931433.
    - Do not raise a zip bomb alert for a misplaced central directory. Reported by Peter Green. Closes: #932404.

 -- Santiago Vila <email address hidden>  Tue, 30 Jul 2019 22:26:10 +0200

unzip (6.0-25) unstable; urgency=medium

  * Apply one more patch by Mark Adler:
    - Do not raise a zip bomb alert for a misplaced central directory. This should allow Firefox to build again. Closes: #932404. Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.

 -- Santiago Vila <email address hidden>  Sat, 27 Jul 2019 18:01:36 +0200

unzip (6.0-24) unstable; urgency=medium

  * Apply two patches by Mark Adler:
    - Fix bug in undefer_input() that misplaced the input state.
    - Detect and reject a zip bomb using overlapped entries. Closes: #931433. Bug discovered by David Fifield. For reference, this is CVE-2019-13232.

 -- Santiago Vila <email address hidden>  Thu, 11 Jul 2019 18:03:34 +0200

unzip (6.0-23) unstable; urgency=medium

  * Fix lame code in fileio.c which parsed 64-bit values incorrectly. Thanks to David Fifield for the report. Closes: #929502.

 -- Santiago Vila <email address hidden>  Wed, 29 May 2019 00:24:08 +0200
Superseded in stretch-release

unzip (6.0-21+deb9u1) stretch; urgency=medium

  * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035.

 -- Santiago Vila <email address hidden>  Wed, 17 Apr 2019 21:23:40 +0200

unzip (6.0-22) unstable; urgency=medium

  * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035.
  * Rules-Requires-Root: no.

 -- Santiago Vila <email address hidden>  Sat, 09 Feb 2019 18:12:00 +0100
Published in jessie-release

unzip (6.0-16+deb8u3) jessie; urgency=medium

  * Update patch 12-cve-2014-9636-test-compr-eb to follow revised patch "unzip-6.0_overflow3.diff" from mancha (patch author).
  * Fix CVE-2014-9913, buffer overflow in unzip. Closes: #847485. Patch by the author.
  * Fix CVE-2016-9844, buffer overflow in zipinfo. Closes: #847486. Patch by the author.

 -- Santiago Vila <email address hidden>  Sat, 28 Jan 2017 14:03:06 +0100

unzip (6.0-21) unstable; urgency=medium

  * Rename all debian/patches/* to have .patch ending.
  * Update 12-cve-2014-9636-test-compr-eb.patch to follow revised patch "unzip-6.0_overflow3.diff" from mancha (patch author). Update also to follow upstream coding style.
  * Drop workaround for gcc optimization bug on ARM (GCC Bug #764732) in the hope that it's not present anymore in GCC-6.
  * Allow source to be cross-built. Closes: #836051.
  * Do not ignore Unix Timestamps. Closes: #842993. Patch by the author.
  * Fix CVE-2014-9913, buffer overflow in unzip. Closes: #847485. Patch by the author.
  * Fix CVE-2016-9844, buffer overflow in zipinfo. Closes: #847486. Patch by the author.

 -- Santiago Vila <email address hidden>  Sun, 11 Dec 2016 21:03:30 +0100
Published in wheezy-release

unzip (6.0-8+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Update 16-fix-integer-underflow-csiz-decrypted patch. Fix regression in handling 0-byte files. (Closes: #804595)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 09 Nov 2015 21:02:00 +0100
Superseded in jessie-release

unzip (6.0-16+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Update 16-fix-integer-underflow-csiz-decrypted patch. Fix regression in handling 0-byte files. (Closes: #804595)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 09 Nov 2015 20:49:54 +0100

unzip (6.0-20) unstable; urgency=high

  * Update debian/patches/16-fix-integer-underflow-csiz-decrypted to fix regression on encrypted 0-byte files. Closes: #804595. Thanks to Marc Deslauriers for the fix in Ubuntu.

 -- Santiago Vila <email address hidden>  Mon, 09 Nov 2015 22:15:32 +0100

unzip (6.0-19) unstable; urgency=medium

  * Fix infinite loop when extracting password-protected archive. This is CVE-2015-7697. Closes: #802160.
  * Fix heap overflow when extracting password-protected archive. This is CVE-2015-7696. Closes: #802162.
  * Fix additional unsigned overflow on invalid input.
  * Thanks a lot to Raphaël Hertzog for the squeeze-lts release, from which this upload is mainly derived.

 -- Santiago Vila <email address hidden>  Thu, 22 Oct 2015 12:12:46 +0200
Superseded in wheezy-release

unzip (6.0-8+deb7u3) wheezy; urgency=medium

  * Apply the following patches from jessie:
    - Fixed bug "unzip thinks some files are symlinks". Closes: #717029. Reported by Jeff King. Patch by Andreas Schwab.
    - Increase size of cfactorstr array in list.c to avoid a buffer overflow problem. Closes: #741384.
    - Fix zipinfo crash where a value <= 25.5 was printed in a buffer having room only for values < 10.0. Closes: #744212.

 -- Santiago Vila <email address hidden>  Sun, 21 Jun 2015 11:00:00 +0200
unzip (6.0-18) unstable; urgency=medium

  * Ship a debian/copyright file in source package instead of generating it at build time. Closes: #795567.

 -- Santiago Vila <email address hidden>  Sun, 16 Aug 2015 23:34:42 +0200
unzip (6.0-17) unstable; urgency=medium

  * Switch to dh.
  * Remove build date embedded in binary to make the build reproducible. Thanks to Jérémy Bobbio <email address hidden>. Closes: #782851.

 -- Santiago Vila <email address hidden>  Sun, 17 May 2015 12:41:52 +0200

unzip (6.0-16) unstable; urgency=medium

  * Update 09-cve-2014-8139-crc-overflow to fix CVE-2014-8139 the right way (patch by the author). Closes: #775640.
  * Update 10-cve-2014-8140-test-compr-eb to apply cleanly.
  * Update 12-cve-2014-9636-test-compr-eb to follow the extract.c file from the author.

 -- Santiago Vila <email address hidden>  Fri, 30 Jan 2015 22:16:08 +0100

unzip (6.0-15) unstable; urgency=medium

  * Fix heap overflow. Ensure that compressed and uncompressed block sizes match when using STORED method in extract.c. Patch taken from Ubuntu. Thanks a lot. Closes: #776589. For reference, this is CVE-2014-9636.

 -- Santiago Vila <email address hidden>  Thu, 29 Jan 2015 18:39:52 +0100
Superseded in wheezy-release

unzip (6.0-8+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Apply upstream fix for three security bugs.
    CVE-2014-8139: CRC32 verification heap-based overflow
    CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
    CVE-2014-8141: out-of-bounds read issues in getZip64Data()
    (Closes: #773722)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 26 Dec 2014 20:04:35 +0100

unzip (6.0-14) unstable; urgency=medium

  * Drop -O2 optimization on armhf as a workaround for gcc Bug #764732. Closes: #773785.

 -- Santiago Vila <email address hidden>  Tue, 30 Dec 2014 22:17:12 +0100

unzip (6.0-13) unstable; urgency=medium

  * Apply upstream fix for three security bugs. Closes: #773722.
    CVE-2014-8139: CRC32 verification heap-based overflow
    CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
    CVE-2014-8141: out-of-bounds read issues in getZip64Data()

 -- Santiago Vila <email address hidden>  Mon, 22 Dec 2014 19:16:10 +0100
unzip (6.0-12) unstable; urgency=medium

  * Fix zipinfo crash where a value <= 25.5 was printed in a buffer having room only for values < 10.0.
    The integral part is now printed at attribs[11] using %2u instead of attribs[12] using %u.
    This way the output is the same as before for values < 10.
    Authors tell me that the next unzip release will have a fix like this, at least for the Unix case. Closes: #744212.

 -- Santiago Vila <email address hidden>  Thu, 24 Apr 2014 23:39:38 +0200

unzip (6.0-11) unstable; urgency=medium

  * Lowered mime priority to 3, somewhat below 5 which is file-roller default value. Closes: #727306.
  * Increase size of cfactorstr array in list.c to avoid a buffer overflow problem. Closes: #741384.

 -- Santiago Vila <email address hidden>  Mon, 17 Mar 2014 17:38:50 +0100

unzip (6.0-10) unstable; urgency=low

  * Fixed bug "unzip thinks some files are symlinks". Closes: #717029. Reported by Jeff King. Patch by Andreas Schwab.
  * Added recommended targets build-arch and build-indep.
  * Dropped obsolete Conflicts and Replaces on unzip-crypt, for which the last version was a dummy transitional package.
  * The copyright file is generated from copyright.in at build time. Added lintian override for no-debian-copyright.

 -- Santiago Vila <email address hidden>  Mon, 14 Oct 2013 18:48:40 +0200

unzip (6.0-9) unstable; urgency=low

  * Added NO_WORKING_ISPRINT to DEFINES so that UTF8 filenames are displayed correctly. Reported by Slavek Banko. Closes: #682682.
  * Use the right strip command when cross-building. Closes: #695141.

 -- Santiago Vila <email address hidden>  Sun, 24 Feb 2013 17:12:00 +0100

unzip (6.0-8) unstable; urgency=low

  * Made unzip -X to actually restore uid/gid information. Closes: #689212. Thanks to Axel Scheepers for the report.
  * Disabled memcpy, as it is being used on overlapping buffers, leading to data corruption. Closes: #694601. Thanks to M Joonas Pihlaja for the report.

 -- Santiago Vila <email address hidden>  Wed, 28 Nov 2012 12:41:34 +0100
unzip (6.0-7) unstable; urgency=low

  * Added Multi-Arch: foreign. Closes: #678812.

 -- Santiago Vila <email address hidden>  Sat, 30 Jun 2012 14:17:42 +0200

unzip (6.0-6) unstable; urgency=low

  * Added hardening flags. Closes: #656268.

 -- Santiago Vila <email address hidden>  Sun, 01 Apr 2012 00:01:40 +0200

unzip (6.0-5) unstable; urgency=low

  * Handle the PKWare verification bit of internal attributes. Patch taken from 6.10 beta. Thanks to sms. Closes: #630078.

 -- Santiago Vila <email address hidden>  Fri, 01 Jul 2011 19:06:08 +0200

unzip (6.0-4) unstable; urgency=low

  * Added homepage field to control file.
  * Switch to 3.0 (quilt) source format.
  * Support cross-build.

 -- Santiago Vila <email address hidden>  Sun, 21 Feb 2010 17:01:00 +0100

unzip (6.0-3) unstable; urgency=low

  * Added "set -e" to postinst and postrm.

 -- Santiago Vila <email address hidden>  Tue, 09 Feb 2010 23:53:42 +0100

unzip (6.0-2) unstable; urgency=low

  * Do not ignore errors from make clean (lintian warning)
  * Remove .comment section from executables (lintian warning).
  * Added mime stuff so that mutt is able to see the contents of a zipfile using "unzip -l". Closes: #474538.

 -- Santiago Vila <email address hidden>  Mon, 08 Feb 2010 18:44:00 +0100
unzip (6.0-1) unstable; urgency=low

  * New upstream release. Closes: #496989.
  * Enabled new Unicode support. Closes: #197427.
    This may or may not work for your already created zipfiles, but it's not a bug unless they were created using the Unicode feature present in zip 3.0.
  * Built using DATE_FORMAT=DF_YMD so that unzip -l shows dates in ISO format, as that's the only available one which makes sense. Closes: #312886.
  * Enabled new bzip2 support. Closes: #426798.
  * Exit code for zipgrep should now be the right one. Closes: #441997.
  * The reason why a file may not be created is now shown. Closes: #478791.
  * Summary of changes in this version not being the debian/* files:
    - Manpages in section 1, not 1L.
    - Branding patch. UnZip by Debian. Original by Info-ZIP.
    - Always #include <unistd.h>. Debian GNU/kFreeBSD needs it.

 -- Santiago Vila <email address hidden>  Fri, 08 May 2009 20:02:40 +0200
unzip (5.52-12) unstable; urgency=medium

  * Fixed stack underflow in unshrink.c. Closes: #454037. Thanks to Christian Spieler for the patch.

 -- Santiago Vila <email address hidden>  Sat, 26 Jul 2008 16:51:38 +0200